CVE-2026-4776

high

Description

An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. The sanitization applied to filter query parameters is not applied recursively, so parameters nested inside a filter are not checked. An authenticated API user (PR:L in the CVSS v3 vector; valid API credentials are required) can place unsanitized input at a nested level, bypass the input filtering and inject arbitrary SQL.
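The following Python model illustrates the class of bug the description names, a validator that checks only top-level filter parameters while the query builder recurses into nested ones. It is an added example, not Mautic code, and does not reproduce Mautic's actual filter format, sanitizer or the payload from the advisory. The filter shape (a list of clauses with col/expr/val, where andX/orX carry a nested list in val), the column allowlist and the contacts table are assumptions made for the illustration. Column names are SQL identifiers and cannot be bound as parameters, so they are interpolated, which is exactly why validation has to reach every nesting level.

```python
"""Nested-filter sanitization bypass, shallow vs. recursive validation.

Illustrative model only; the filter format, allowlist and table are assumed
for this example and are not taken from Mautic.
"""
from __future__ import annotations

import sqlite3
from typing import Any

# Hypothetical allowlists. A real project would derive these from entity metadata.
ALLOWED_COLUMNS = {"email", "firstname", "lastname"}
COMPOUND = {"andX": "AND", "orX": "OR"}      # expr -> SQL joiner for nested lists
SIMPLE = {"eq": "=", "neq": "<>", "like": "LIKE"}


class FilterError(ValueError):
    """Raised when a filter clause fails validation."""


def validate_shallow(filters: list[dict[str, Any]]) -> None:
    """Vulnerable pattern: only top-level simple clauses are checked.

    A compound clause (andX/orX) is accepted as-is, and the list of
    sub-filters in its 'val' is never inspected.
    """
    for f in filters:
        if f.get("expr") in COMPOUND:
            continue  # BUG: nested clauses are passed through unchecked
        if f.get("expr") not in SIMPLE:
            raise FilterError(f"unknown expr {f.get('expr')!r}")
        if f.get("col") not in ALLOWED_COLUMNS:
            raise FilterError(f"column not allowed: {f.get('col')!r}")


def validate_recursive(filters: list[dict[str, Any]]) -> None:
    """Hardened pattern: every nesting level is validated with the same rules."""
    for f in filters:
        expr = f.get("expr")
        if expr in COMPOUND:
            nested = f.get("val")
            if not isinstance(nested, list):
                raise FilterError("compound clause needs a list of sub-filters")
            validate_recursive(nested)
            continue
        if expr not in SIMPLE:
            raise FilterError(f"unknown expr {expr!r}")
        if f.get("col") not in ALLOWED_COLUMNS:
            raise FilterError(f"column not allowed: {f.get('col')!r}")


def compile_where(filters: list[dict[str, Any]], joiner: str = "AND") -> tuple[str, list]:
    """Builds the WHERE fragment. Values are bound parameters; column names are
    identifiers and get interpolated, so the builder recurses into nested lists
    and trusts whatever column name it finds there."""
    parts: list[str] = []
    params: list[Any] = []
    for f in filters:
        expr = f["expr"]
        if expr in COMPOUND:
            sub_sql, sub_params = compile_where(f["val"], COMPOUND[expr])
            parts.append(f"({sub_sql})")
            params.extend(sub_params)
        else:
            parts.append(f"{f['col']} {SIMPLE[expr]} ?")
            params.append(f["val"])
    return f" {joiner} ".join(parts), params


def query_contacts(conn: sqlite3.Connection, filters, validator) -> list[str]:
    validator(filters)
    where, params = compile_where(filters)
    sql = f"SELECT email FROM contacts WHERE {where} ORDER BY email"
    return [row[0] for row in conn.execute(sql, params).fetchall()]


def make_db() -> sqlite3.Connection:
    """Constructed sample data for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contacts (email TEXT, firstname TEXT, lastname TEXT)")
    conn.executemany("INSERT INTO contacts VALUES (?, ?, ?)", [
        ("alice@example.com", "Alice", "Adams"),
        ("bob@example.com", "Bob", "Brown"),
        ("carol@example.com", "Carol", "Clark"),
    ])
    return conn


# Constructed payloads. The injected identifier sits one level down inside orX,
# where the shallow validator never looks.
LEGIT = [{"col": "email", "expr": "eq", "val": "alice@example.com"}]
MALICIOUS = [{"expr": "orX", "val": [
    {"col": "1 = 1 OR email", "expr": "eq", "val": "nobody@example.com"},
]}]


def demo() -> dict[str, Any]:
    conn = make_db()
    leaked = query_contacts(conn, MALICIOUS, validate_shallow)   # WHERE (1 = 1 OR email = ?)
    try:
        query_contacts(conn, MALICIOUS, validate_recursive)
        blocked = False
    except FilterError:
        blocked = True
    return {
        "legit": query_contacts(conn, LEGIT, validate_recursive),
        "shallow_leaks": leaked,
        "recursive_blocked": blocked,
    }


if __name__ == "__main__":
    print(demo())
```

With the shallow validator the nested clause compiles to WHERE (1 = 1 OR email = ?) and every contact is returned; the recursive validator rejects the same payload before any SQL is built. The general fix is the one shown: apply the same allowlist check at every level the query builder is willing to descend into, rather than sanitizing only the shape of the top-level request.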

References

https://github.com/mautic/mautic/security/advisories/GHSA-fcmw-wx57-9p75

Details

Source: MITRE, NVD

Published: 2026-05-29

Updated: 2026-05-29

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:P

Severity: High

CVSS v3

Base Score: 7.1

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Severity: High

EPSS

EPSS: 0.0003